History: Dec 30, 2021 - 9:31 p.m.

CVE-2021-20151

2021-12-30 21:31:12
tenable
www.cve.org
trendnet
ac2600
tew-827dru
session management
flaw
ip address
attacker
web sessions

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

61.0%

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router’s management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over the original IP address of the original user’s session.

CNA Affected

[
  {
    "product": "Trendnet AC2600 TEW-827DRU",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "2.08B01"
      }
    ]
  }
]
